Abstract: Format string vulnerabilities are a common and harmful class of software vulnerability. Some existing automatic exploit generation systems for format string vulnerabilities misjudge exploitability when the format parameter is stored outside the stack. To address this problem, an automatic exploit generation method for format string vulnerabilities based on symbolic execution is designed. First, vulnerabilities in the current format string function are detected from the symbolic information of its parameters; then exploit constraints are constructed separately for parameters stored in different memory spaces; finally, the exploit code is obtained by solving those constraints. This realizes automatic verification of format string vulnerabilities. Experiments on different test programs under Linux verify the effectiveness of the method.
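As an added illustration that is not part of the paper, the C sketch below shows the detection condition the abstract describes (an input-controlled buffer used as the format parameter, flagged regardless of whether it lives on the stack, the heap or in global storage) next to the vulnerable and hardened call patterns; `SAMPLE_INPUT`, the function names and the 64-byte buffers are constructed for this example and stand in for the paper's symbolic-execution machinery.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed sample of input-controlled text: harmless as data, but as a
 * format string it would drive printf's argument fetching and %n writes. */
static const char SAMPLE_INPUT[] = "user=%x %x %s %n";
static char global_buf[64];   /* a non-stack (.bss) location for the buffer */

/* Detection heuristic: count '%' conversion directives ("%%" is a literal
 * percent). A non-zero count on input-controlled data used as a format
 * parameter is the condition a detector flags, whatever memory it lives in. */
int count_format_directives(const char *s) {
    int n = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }   /* escaped percent, not a directive */
        n++;
    }
    return n;
}

/* Vulnerable pattern, never called here: the input buffer is the format. */
void log_vulnerable(const char *msg) {
    printf(msg);   /* defect: msg is parsed as a format string */
}

/* Hardened pattern: constant format, input only as a %s argument.
 * Returns the number of characters written, or a negative value on error. */
int log_hardened(const char *msg) {
    return printf("%s\n", msg);
}

/* Copy the same input into stack, heap and global storage and count how many
 * of the three copies the directive check flags (3 for SAMPLE_INPUT), showing
 * that the storage location does not decide whether the bug exists. */
int flagged_locations(const char *input) {
    char stack_buf[64];
    char *heap_buf = malloc(64);
    int flagged = 0;
    if (heap_buf == NULL) return -1;
    snprintf(stack_buf, sizeof stack_buf, "%s", input);
    snprintf(heap_buf, 64, "%s", input);
    snprintf(global_buf, sizeof global_buf, "%s", input);
    flagged += count_format_directives(stack_buf) > 0;
    flagged += count_format_directives(heap_buf) > 0;
    flagged += count_format_directives(global_buf) > 0;
    free(heap_buf);
    return flagged;
}
```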